Python: Make multipleArgumentCallExclude more specific

2025-12-16 16:53:25 +01:00 · 2023-11-21 15:53:55 +01:00
parent 2ec1822e9c
commit f9d7becd04
1 changed files with 10 additions and 1 deletions
--- a/python/ql/consistency-queries/DataFlowConsistency.ql
+++ b/python/ql/consistency-queries/DataFlowConsistency.ql
@@ -50,7 +50,16 @@ private module Input implements InputSig<PythonDataFlow> {
  }

  predicate multipleArgumentCallExclude(ArgumentNode arg, DataFlowCall call) {
-    isArgumentNode(arg, call, _)
+    // since we can have multiple DataFlowCall for a CallNode (for example if can
+    // resolve to multiple functions), but we only make _one_ ArgumentNode for each
+    // argument in the CallNode, we end up violating this consistency check in those
+    // cases. (see `getCallArg` in DataFlowDispatch.qll)
+    exists(DataFlowCall other, CallNode cfgCall | other != call |
+      call.getNode() = cfgCall and
+      other.getNode() = cfgCall and
+      isArgumentNode(arg, call, _) and
+      isArgumentNode(arg, other, _)
+    )
  }
 }